Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.NNM_6_0_1.NASL
HistoryMay 16, 2022 - 12:00 a.m.

Nessus Network Monitor < 6.0.1 Multiple Vulnerabilities (TNS-2022-10)

2022-05-1600:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
51
JSON

The version of Nessus Network Monitor (NNM) installed on the remote host is prior to 6.0.1. It is, therefore, affected by multiple vulnerabilities in third-party software.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(161211);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/27");

  script_cve_id(
    "CVE-2021-3711",
    "CVE-2021-3712",
    "CVE-2021-4160",
    "CVE-2021-41182",
    "CVE-2021-41183",
    "CVE-2021-41184",
    "CVE-2022-0778"
  );

  script_name(english:"Nessus Network Monitor < 6.0.1 Multiple Vulnerabilities (TNS-2022-10)");

  script_set_attribute(attribute:"synopsis", value:
"A vulnerability scanner installed on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Nessus Network Monitor (NNM) installed on the remote host is prior to 6.0.1. It is, therefore, affected
by multiple vulnerabilities in third-party software.

  Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported 
  version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/tns-2022-10");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Nessus Network Monitor version 6.0.0 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3711");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:nnm");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("nnm_installed_win.nbin", "nnm_installed_nix.nbin");
  script_require_keys("installed_sw/Tenable NNM", "Host/nnm_installed");

  exit(0);
}

include('vcf.inc');

var app_name = 'Tenable NNM';

var app_info = vcf::get_app_info(app:app_name);

vcf::check_granularity(app_info:app_info, sig_segments:3);

var constraints = [
  { 'fixed_version' : '6.0.1' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
tenablennmcpe:/a:tenable:nnm

Related

openvas 40
ibm 33
fedora 6
nessus 39
f5 1
debian 5
osv 15
drupal 3
checkpoint_advisories 2
threatpost 2
ubuntu 2
suse 2
altlinux 2
photon 6
mageia 2
freebsd 1
thn 2
cloudfoundry 1
freebsd_advisory 1
redhat 1
gentoo 2
ics 1
redhatcve 3
ubuntucve 3
alpinelinux 2
debiancve 3
github 4
prion 4
veracode 3
cve 3
cbl_mariner 2
broadcom 1
hackerone 1
openssl 1
openvas
openvas
Tenable Nessus Network Monitor < 6.0.1 Multiple Vulnerabilities (TNS-2022-10)
2022-12-20 00:00:00
Fedora: Security Advisory for js-jquery-ui (FEDORA-2021-013ab302be)
2021-12-04 00:00:00
Fedora: Security Advisory for js-jquery-ui (FEDORA-2021-ab38307fc3)
2021-12-04 00:00:00
ibm
ibm
Security Bulletin: IBM Security QRadar SOAR is using a component vulnerable to Cross Site Scripting (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184)
2022-03-03 17:06:48
Security Bulletin: Multiple vulnerabilities in jQuery-UI affect IBM Tivoli Netcool Impact (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184)
2021-12-10 10:54:12
Security Bulletin: API Connect is vulnerable to JQuery-UI Cross-Site Scripting (XSS) (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)
2022-10-21 22:13:58
fedora
fedora
[SECURITY] Fedora 34 Update: js-jquery-ui-1.13.0-1.fc34
2021-11-20 01:11:49
[SECURITY] Fedora 35 Update: js-jquery-ui-1.13.0-1.fc35
2021-11-20 01:08:33
[SECURITY] Fedora 33 Update: js-jquery-ui-1.13.0-1.fc33
2021-11-20 01:45:55
nessus
nessus
JQuery UI < 1.13.0 Multiple XSS
2021-12-31 00:00:00
jQuery UI < 1.13.0 Multiple Vulnerabilities
2021-11-04 00:00:00
Debian DLA-3230-1 : jqueryui - LTS security update
2022-12-08 00:00:00
f5
f5
K50455702 : jQuery vulnerabilities CVE-2021-41182, CVE-2021-41183, and CVE-2021-41184
2022-03-28 00:00:00
debian
debian
[SECURITY] [DLA 3230-1] jqueryui security update
2022-12-07 10:30:00
[SECURITY] [DSA 4963-1] openssl security update
2021-08-24 15:16:08
[SECURITY] [DSA 4963-1] openssl security update
2021-08-24 15:16:08
osv
osv
jqueryui - security update
2022-12-07 00:00:00
jqueryui vulnerabilities
2023-10-05 12:36:27
openssl - security update
2021-08-24 00:00:00
drupal
drupal
jQuery UI Datepicker - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-004
2022-01-19 00:00:00
Drupal core - Moderately critical - Cross site scripting - SA-CORE-2022-002
2022-01-19 00:00:00
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-001
2022-01-19 00:00:00
checkpoint_advisories
checkpoint_advisories
jQuery UI Datepicker Widget Cross Site Scripting (CVE-2021-41182; CVE-2021-41183)
2022-03-14 00:00:00
jQuery UI Cross-site Scripting (CVE-2021-41184)
2022-10-19 00:00:00
threatpost
threatpost
QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug
2022-03-31 13:22:49
QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout
2021-08-31 15:08:46
ubuntu
ubuntu
jQuery UI vulnerabilities
2023-10-05 00:00:00
OpenSSL vulnerabilities
2021-08-24 00:00:00
suse
suse
Security update for openssl-1_1 (important)
2021-08-25 00:00:00
Security update for openssl-1_1 (important)
2021-08-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1l-alt1
2021-09-02 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1l-alt1
2021-08-27 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0094
2021-09-03 00:00:00
Important Photon OS Security Update - PHSA-2021-0290
2021-08-27 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0290
2021-08-27 00:00:00
mageia
mageia
Updated mysql-connector-c++ packages fix security vulnerability
2022-01-25 15:13:11
Updated openssl packages fix security vulnerability
2021-09-23 07:49:29
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2021-08-24 00:00:00
thn
thn
QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices
2021-09-01 07:11:00
New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers
2022-03-16 13:52:00
cloudfoundry
cloudfoundry
USN-5051-1: OpenSSL vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-21:16.openssl
2021-08-24 00:00:00
redhat
redhat
(RHSA-2022:4711) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
2022-05-26 16:04:07
gentoo
gentoo
OpenSSL: Multiple Vulnerabilities
2022-10-16 00:00:00
IBM Spectrum Protect: Multiple Vulnerabilities
2022-09-07 00:00:00
ics
ics
Hitachi Energy’s RTU500 Series Product (Update B)
2023-10-19 12:00:00
redhatcve
redhatcve
CVE-2021-41184
2021-11-01 17:41:18
CVE-2021-41183
2021-11-01 17:41:12
CVE-2021-41182
2021-11-01 17:41:12
ubuntucve
ubuntucve
CVE-2021-41184
2021-10-26 00:00:00
CVE-2021-41182
2021-10-26 00:00:00
CVE-2021-41183
2021-10-26 00:00:00
alpinelinux
alpinelinux
CVE-2021-41182
2021-10-26 15:15:00
CVE-2021-41183
2021-10-26 15:15:00
debiancve
debiancve
CVE-2021-41182
2021-10-26 15:15:00
CVE-2021-41183
2021-10-26 15:15:00
CVE-2021-41184
2021-10-26 15:15:00
github
github
XSS in the `altField` option of the Datepicker widget in jquery-ui
2021-10-26 14:55:02
XSS in the `of` option of the `.position()` util in jquery-ui
2021-10-26 14:55:12
XSS in `*Text` options of the Datepicker widget in jquery-ui
2021-10-26 14:55:21
prion
prion
Code injection
2021-10-26 15:15:00
Code injection
2021-10-26 15:15:00
Code injection
2021-10-26 15:15:00
veracode
veracode
Cross-site Scripting (XSS)
2021-10-27 06:12:09
Cross-site Scripting (XSS)
2021-10-27 17:26:37
Cross-site Scripting (XSS)
2021-10-27 05:33:22
cve
cve
CVE-2021-41182
2021-10-26 15:15:00
CVE-2021-41183
2021-10-26 15:15:00
CVE-2021-41184
2021-10-26 15:15:00
cbl_mariner
cbl_mariner
CVE-2021-4160 affecting package openssl 1.1.1k-16
2021-09-09 15:02:55
CVE-2021-4160 affecting package openssl 1.1.1k-13
2022-04-26 20:16:58
broadcom
broadcom
CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data
2022-09-13 00:00:00
hackerone
hackerone
Internet Bug Bounty: CVE-2021-3711: SM2 decrypt buffer overflow
2021-09-27 13:47:10
openssl
openssl
Vulnerability in OpenSSL CVE-2021-3711
2021-08-24 00:00:00
JSON
Related for NNM_6_0_1.NASL
openvas40ibm33fedora6nessus39f51debian5osv15drupal3checkpoint_advisories2threatpost2ubuntu2suse2altlinux2photon6mageia2freebsd1thn2cloudfoundry1freebsd_advisory1redhat1gentoo2ics1redhatcve3ubuntucve3alpinelinux2debiancve3github4prion4veracode3cve3cbl_mariner2broadcom1hackerone1openssl1